From owner-freebsd-net Thu Jan 31 17:51:55 2002 Delivered-To: freebsd-net@freebsd.org Received: from Awfulhak.org (gw.Awfulhak.org [217.204.245.18]) by hub.freebsd.org (Postfix) with ESMTP id C499137B400 for ; Thu, 31 Jan 2002 17:51:43 -0800 (PST) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [fec0::1:12]) by Awfulhak.org (8.11.6/8.11.6) with ESMTP id g111peN14905; Fri, 1 Feb 2002 01:51:40 GMT (envelope-from brian@freebsd-services.com) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.6/8.11.6) with ESMTP id g111pbJ06655; Fri, 1 Feb 2002 01:51:37 GMT (envelope-from brian@freebsd-services.com) Message-Id: <200202010151.g111pbJ06655@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Jon Drukman Cc: freebsd-net@FreeBSD.ORG, brian@freebsd-services.com Subject: Re: pptp + mschap In-Reply-To: Message from Jon Drukman of "Thu, 31 Jan 2002 16:48:56 PST." <4.3.2.7.2.20020131164433.00c62678@10.10.10.1> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 01 Feb 2002 01:51:37 +0000 From: Brian Somers Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I don't know a great deal about PPTP, but as it happens, I recently looked for a radius server that'd talk MSCHAPv2 - so that I could teach ppp to do it. I couldn't find any support in the ports, and then our [potential] client backed out, so I never got any further. If you could find a spec on how to talk MSCHAP & MSCHAPv2 to a radius server, I'd certainly be happy to add support to ppp. You never know - the client may come back :*) Cheers. > my company recently switched from a nortel vpn system to a radius based > scheme that is very windows-centric. i had no problems connecting to the > nortel using pptpclient (from the ports). > > now it seems i'm being thrown by ms-chap authentication. i don't really > know how to set this up. as far as i can see from reading the > documentation that comes with pptpclient, this should suffice: > > cnet: > set authname cnet\\jdrukman > set authkey xxxxx > set timeout 0 > set login > enable chap > set log LCP > > > i type "pptp vpn-sf.cnet.com cnet" to initiate the connection. the log > file shows: > > Jan 31 16:19:22 cluttered ppp[32201]: Phase: Using interface: tun0 > Jan 31 16:19:22 cluttered ppp[32201]: Phase: deflink: Created in closed state > Jan 31 16:19:23 cluttered ppp[32201]: LCP: FSM: Using "deflink" as a transport > Jan 31 16:19:23 cluttered ppp[32201]: LCP: deflink: State change Initial > --> Closed > Jan 31 16:19:23 cluttered ppp[32201]: LCP: deflink: State change Closed --> > Stopped > Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: LayerStart > Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: SendConfigReq(1) state > = Stopped > Jan 31 16:19:24 cluttered ppp[32201]: LCP: ACFCOMP[2] > Jan 31 16:19:24 cluttered ppp[32201]: LCP: PROTOCOMP[2] > Jan 31 16:19:24 cluttered ppp[32201]: LCP: ACCMAP[6] 0x00000000 > Jan 31 16:19:24 cluttered ppp[32201]: LCP: MRU[4] 1500 > Jan 31 16:19:24 cluttered ppp[32201]: LCP: MAGICNUM[6] 0x451f9b67 > Jan 31 16:19:24 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05) > Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: State change Stopped > --> Req-Sent > Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: RecvConfigReq(77) state > = Req-Sent > Jan 31 16:19:25 cluttered ppp[32201]: LCP: MRU[4] 1500 > Jan 31 16:19:25 cluttered ppp[32201]: LCP: ACCMAP[6] 0x000a0000 > Jan 31 16:19:25 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81) > Jan 31 16:19:25 cluttered ppp[32201]: Warning: CHAP 0x81 not supported > Jan 31 16:19:25 cluttered ppp[32201]: LCP: MAGICNUM[6] 0x2567e117 > Jan 31 16:19:25 cluttered ppp[32201]: LCP: PROTOCOMP[2] > Jan 31 16:19:25 cluttered ppp[32201]: LCP: ACFCOMP[2] > Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: SendConfigNak(77) state > = Req-Sent > Jan 31 16:19:25 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05) > Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: SendTerminateReq(1) > state = Req-Sent > Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: State change Req-Sent > --> Closing > Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: LayerFinish > Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: State change Closing > --> Initial > > and i'm not connected. the tech support people at my company are not very > helpful. they said, use windows. i can get it to work fine from windows > but it's so annoying (it interrupts existing connections and forces > everything to go through the vpn regardless of whether it makes any > sense). it used to work great with freebsd... any help appreciated!! > > thanks > -jsd- -- Brian http://www.freebsd-services.com/ Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message